[Logcheck-commits] r1495 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Sat Feb 10 17:46:29 CET 2007


Author: madduck
Date: 2007-02-10 17:46:28 +0100 (Sat, 10 Feb 2007)
New Revision: 1495

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
Log:
* ignore.d.server/ssh: ignore @ in names of nonexistent accounts.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2007-02-10 16:45:13 UTC (rev 1494)
+++ logcheck/trunk/debian/changelog	2007-02-10 16:46:28 UTC (rev 1495)
@@ -13,8 +13,10 @@
   * violations.ignore.d/logcheck-proftpd: ignore warning about attempted root
     logins.
 
- -- martin f. krafft <madduck at debian.org>  Sat, 10 Feb 2007 16:44:46 +0000
+  * ignore.d.server/ssh: ignore @ in names of nonexistent accounts.
 
+ -- martin f. krafft <madduck at debian.org>  Sat, 10 Feb 2007 16:45:36 +0000
+
 logcheck (1.2.54) unstable; urgency=low
 
   * ignore.d.server/dovecot: also ignore local logins, which are "secured",
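Review bot: The new entry at "ignore @ in names of nonexistent accounts" does not say which sshd messages are affected. Naming the two rules touched in ignore.d.server/ssh (the "Illegal/Invalid user ... from" line and the "Failed ... for illegal/invalid user" line) would let an admin reading the changelog tell which reports will stop arriving after the upgrade.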

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/ssh	2007-02-10 16:45:13 UTC (rev 1494)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/ssh	2007-02-10 16:46:28 UTC (rev 1495)
@@ -14,8 +14,8 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Could not get shadow information for NOUSER$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-'"<!>_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-'"<!>._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-'"@<!>_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-'"@<!>._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
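Review bot: The `@` is added to the user-name class in the two changed rules only, while the unchanged pam_unix rule two lines below still uses the narrower class `\[[-_.[:alnum:]]*\]`, so any "auth could not identify password for [...]" message carrying the same kind of name would still be reported. Consider widening that class in the same commit, or noting why it is left alone. A smaller point: the two changed lines list the same characters in a different order (`_.` in the first, `._` in the second); keeping the class textually identical across rules makes the next one-character addition easier to review. The class still excludes whitespace, which is worth preserving, since the name comes from the remote client and the fixed ` from ` suffix only stays unambiguous as long as the name cannot contain a space.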



